You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2023/12/11 16:29:07 UTC
(superset) 04/04: fix: bump pyarrow constraints (CVE-2023-47248) (#26187)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit be81aaa31aa15f5e6d166d1ebfdb73ecd4f1462e
Author: cwegener <cw...@users.noreply.github.com>
AuthorDate: Mon Dec 11 16:27:53 2023 +0000
fix: bump pyarrow constraints (CVE-2023-47248) (#26187)
(cherry picked from commit 2ac28927a326fee6431b5e01f7930e650c636c17)
---
requirements/base.txt | 3 ++-
setup.py | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index e8b1b43f91..df8f3ea557 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -252,7 +252,7 @@ prison==0.2.1
# via flask-appbuilder
prompt-toolkit==3.0.38
# via click-repl
-pyarrow==12.0.0
+pyarrow==14.0.1
# via apache-superset
pycparser==2.20
# via cffi
@@ -371,6 +371,7 @@ werkzeug==2.3.3
# via
# apache-superset
# flask
+ # flask-appbuilder
# flask-jwt-extended
# flask-login
wrapt==1.15.0
diff --git a/setup.py b/setup.py
index c3cc887bbf..18fb4dd1e6 100644
--- a/setup.py
+++ b/setup.py
@@ -113,7 +113,7 @@ setup(
"python-dateutil",
"python-dotenv",
"python-geohash",
- "pyarrow>=12.0.0, <13",
+ "pyarrow>=14.0.1, <15",
"pyyaml>=6.0.0, <7.0.0",
"PyJWT>=2.4.0, <3.0",
"redis>=4.5.4, <5.0",